Healthfirst 运用身份安全第一的方法来实施零信任策略

公司简介

Healthfirst 是美国纽约州规模最大的非营利性健康保险公司， 主要提供适合所有人生阶段的高品质平价保险计划，包括医疗补助计划、联邦医疗保险优惠计划、长期护理计划、合格健康计划、个人计划和小型团体计划。Healthfirst 的独特优势在于，通过与其广泛的提供商网络就共同目标密切合作，将会员需求放在首位。Healthfirst 还是基于价值的护理模式的先驱，该模式根据患者的结果向医院和医生支付费用。

年收入：140 亿美元员工：5,000 名

挑战

作为 Healthfirst 的首席信息安全官 (CISO)，Brian Miller 对身份安全威胁形势和具体防御目标不抱任何幻想。“网络攻击有无数的变量。想象一下，有一支穿越沙漠的军队。为了对抗这支军队，我们需要在整个沙漠中设置安全围栏，”Miller 表示。“但只要在山口安插 300 人，我们便能击退整支军队。身份相当于是您的企业环境的山口，也是 Healthfirst 大力投资的方面。”

Miller 之所以能进入美国纽约州规模最大的非营利性健康保险公司 Healthfirst，是因为该组织想要发展其网络安全运营。自创立近 30 年来，Healthfirst 一直与其医院系统、社区提供商和合作伙伴网络合作，通过更好地获得医疗服务，尤其是针对服务水平低下的社区，稳步改善卫生成果并促进卫生公平性。

这一成功意味着 Healthfirst 经历了快速增长，目前在纽约州为 180 万会员提供服务。但是，现代健康保险公司面临的增长趋势和日益复杂的需求及要求，必须采用同样强大的网络安全计划才能加以应对。

以数字化方式启用会员资料

Healthfirst 拥有最全面的会员相关信息数据库之一，其中包括注册和计费、客户服务、付款、处理索赔和健康数据等信息。保护高度敏感的医疗记录及 180 万名会员和 5,000 名员工的身份至关重要。在其计算环境中，该组织采用了云优先策略。现在大约 70% 的系统和应用程序都基于云计算，并且该组织拥有 1 万个端点（其中 70% 是远程端点）需要复杂而强大的安全保障。“Healthfirst 旨在以数字化方式启用会员资料，以促进行业转型，”Miller 说道。“其中不可或缺的一部分是提供安全性和高度保障。我们一直都在大力投资数字应用程序、虚拟社区办公室和许多移动解决方案。无论会员是使用应用程序、手机还是走进社区办公室，所有途径都关乎于身份。”

Solutions

Because of the market-leading position of CyberArk, Healthfirst had already deployed a range of CyberArk products including Privileged Access Manager and Vendor Privileged Access Manager. The insurer trusted CyberArk to provide best-of-breed privileged access management and decided to adopt additional technologies from the Identity Security provider to secure its digital transformation. For example, Healthfirst has also migrated several legacy secrets management apps to Secrets Manager (formerly Conjur Secrets Manager) because it integrates seamlessly with developer workflows and can handle a large volume of secrets.

Business importance of security

Alongside the CyberArk solution, Healthfirst ran an education and adoption program to help staff understand the risk and impact that modern cyberattacks, like ransomware, could have on the organization and its members. “After implementing CyberArk, we went through a period of having to educate the business about privileged access management,” recalled Miller. “But it was really a change management effort to help people understand the value of security. Then there is a tipping point where you stop pushing through resistance and people realize the importance of security for them as a business.”

Having recognized identity as one of the critical elements in building an effective cybersecurity infrastructure, Healthfirst has now turned to the CyberArk portfolio of workforce identity management solutions. The company recently deployed CyberArk Identity to provide staff with simple yet extremely secure access to business resources using single sign-on and multi-factor authentication (MFA). “The objective is to make it as hard as possible to break into systems, software and development chains from inside the system, as it is from outside on the internet. Strong identity control is a part of that Zero Trust idea where it does not matter where the bad guy is; they cannot harm anything,” added Miller.

“One of the things Healthfirst is very excited about as we evolve workforce identity management is the ability to federate,” disclosed Miller. “With other systems we are spending lots of dollars on licenses, for example, to allow call centers to access our systems. With CyberArk, we will be able to federate with their identities, cut costs and licensing fees, and use CyberArk desktop soft tokens for MFA. That will give us a very robust and cost-effective solution.”

Because CyberArk solutions are integrated across several areas of privileged access management and identity protection, Healthfirst can now control security more efficiently and cost effectively than when it had multiple tools performing similar functions, thereby driving significant operational efficiencies in the company.

结果

零信任控制身份

“如果能够控制身份，我们便可阻止大多数现代攻击。如果您能控制身份，那么您即可控制所有外围、应用程序、容器——其实是企业环境的各个部分。这就是我所说的真正零信任，也是我们使用 CyberArk 的原因。这能让我晚上睡得安稳” -Brian Miller，HealthFirst 首席信息安全官 (CISO)

与 CyberArk 的合作关系一直是帮助 Healthfirst 构建有效特权访问管理和身份安全计划的关键要素之一。“我喜欢与有文化和愿景的供应商合作，并且有兴趣了解他们当前所从事的工作，”Miller 最后说道。“在 CyberArk，我看到了一家企业文化深厚，致力于为两个组织创造价值流的公司。有一些 CyberArk 员工已在公司工作多年，但并未感到腻烦，因为公司在不断发展壮大。作为 CISO，这就是我要选择的合作伙伴。”

主要优势

• 构建全面的特权访问管理
• 增强保护真人、计算机和第三方身份的能力
• 保护 180 万会员的个人健康信息 (PHI)
• 通过联合身份控制等解决方案来降低安全成本
• 无需昂贵的安全软件许可
• 将多个工具替换为统一的身份安全平台